UniFLOW Online Registration Vulnerability
CVE-2024-1621

7.5HIGH

Key Information:

Vendor: Nt-ware
Status: Uniflow Online
Vendor: CVE Published:; 2 September 2024

What is CVE-2024-1621?

The registration process of uniFLOW Online applications can be exploited when email login is activated for tenants. Tenants that combine email login with Microsoft Safe Links may face significant risks. This exploit enables an attacker to impersonate a legitimate user, registering themselves within the system and gaining similar access and permissions as the real user. Safeguarding against this vulnerability requires attention to the security settings and mitigation measures outlined by NT-ware.

Affected Version(s)

uniFLOW Online uniFLOW SmartClient 0 <= 2024.1.0 (including)

References

https://ntware.atlassian.net/wiki/spaces/SA/pages/1211321...

vendor-advisorymitigation

https://www.canon-europe.com/psirt/advisory-information/

vendor-advisorymitigation

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2024
Vulnerability Reserved
Feb 19, 2024

Nt-ware

What is CVE-2024-1621?

Affected Version(s)

References

CVSS V3.1

Timeline